Chinese threat actors’ exploitation of Microsoft Exchange Server zero days has proven about as extensive and damaging as early fears held it to be. Bloomberg describes the incident as “morphing into a global cybersecurity crisis,” with exploitation racing against patching and remediation. KrebsOnSecurity puts the total number of US organizations affected at about thirty thousand. Nor has the incident been confined to US targets: the European Banking Authority yesterday disclosed that it too had been affected.
Not all such exploitation is the work of Hafnium, the Chinese-affiliated threat actor Microsoft identified last week as the campaign's author. Redmond updated its advisory Friday to say, “Microsoft continues to see increased use of these vulnerabilities in attacks targeting unpatched systems by multiple malicious actors beyond HAFNIUM.”
As the National Security Council tweeted over the weekend, simple patching isn’t enough: affected organizations must find and eject any of the webshells the attackers left behind.
The US Administration is forming a task force to organize a whole-of-government response to the cyber operations, CNN says. According to the New York Times, Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger will be leading that effort.
The furor over the Hafnium operation comes on top of the earlier, and continuing, furor over the SolarWinds compromise and related cyberespionage efforts. The New York Times quotes US National Security Advisor Sullivan on the range of potential US responses.
CyberScoop reports that the White House is preparing an Executive Order designed to foster building security into software.